Spring Security - 多个已登录用户

时间:2016-05-05 22:16:09

标签: java spring spring-mvc spring-security

我遇到Spring Security配置问题。

当我以user1身份登录一台计算机,然后我将以另一台计算机上的user2身份登录时,刷新后的第一台计算机将所有内容视为user2。

换句话说,不可能同时有两个不同用户的会话。

配置:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");
        auth.inMemoryAuthentication().withUser("user2").password("user2").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        CharacterEncodingFilter filter = new CharacterEncodingFilter();
        filter.setEncoding("UTF-8");
        filter.setForceEncoding(true);
        http.addFilterBefore(filter,CsrfFilter.class);

        http.csrf().disable();

        http.authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                .antMatchers("/questions/**").access("hasRole('USER')")
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/questions")
                .usernameParameter("ssoId").passwordParameter("password");
    }

Spring Security版本:4.0.1.RELEASE

Spring版本:4.1.6.RELEASE

控制器中的登录请求:

@RequestMapping(value = { "/", "/login" }, method = RequestMethod.GET)
public String homePage() {
    return "login";
}

2 个答案:

答案 0 :(得分:0)

@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");
    auth.inMemoryAuthentication().withUser("user2").password("user2").roles("USER");
}

有了这个,你说这是会话中的用户2 

@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser(getUser()).password(getPassword()).roles("USER");
}

答案 1 :(得分:0)

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("sergey")
                .password("{noop}12345678")
                .roles("USER")
                .and()
                .withUser("John")
                .password("{noop}87654321")
                .roles("MANAGER");
    }

}
相关问题
最新问题